Take a look at the source to the "sf" firewall. Stateful firewalls keep
track of the sequence numbers and active tcp sockets. That means you can
pull the icmp header off the icmp df and look at the header its claiming
to have bounced and see if its sequence/ports are valid for a connection
you currently have.
> Yes - those who break the official IP specs should be slapped (hi
> mickysoft)... but noone is doing that these days <sigh>.... I DO
> remember before WWW - when such things WERE watched :)
The microsoft guys are actually fairly good.
Alan